
How Observability Leads to Better Cybersecurity | eWEEK


The term “observability” refers both to the concept of monitoring, analyzing, and understanding all data moving across today’s hybrid and multi-cloud environments and to the emerging technologies that support it. Observability has become increasingly important in a world where organizations spend heavily on security tools, yet breaches continue to occur at record rates.

According to Michael Dickman, Chief Product Officer at observability vendor Gigamon, observability doesn’t operate in a vacuum; it’s closely linked to other technologies, including data exfiltration, telemetry, and encryption. Although security software and visualization tools are useful as part of an organization’s overall observability efforts, they typically don’t provide total security. I spoke with Dickman about observability in the enterprise and the many challenges of network security. Watch the full interview, or read the key takeaways below.

Advanced Security Tools are Imperfect 

Organizations are increasingly investing in advanced tools like extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR), among others. However, these tools function as point solutions and offer only partial visibility, in contrast to an observability solution.

Encrypted Traffic Creates Visibility Challenges 

Traditional vulnerabilities, such as insider threats and misconfigurations, create visibility blind spots. While encryption protects sensitive information, encrypted traffic isn’t always secure. Most lateral movement attacks involve encrypted traffic, which poses a problem for visibility since traditional methods can’t see inside encrypted data.

Organizations Must See Data Traffic in All Directions

Data exfiltration methods are becoming increasingly sophisticated, with attackers fragmenting data and extracting it in pieces. To effectively monitor and secure data, organizations need to look at both east-west (lateral data movement within the network) and north-south (data flow in and out of the network) traffic. Organizations need the ability to inspect plaintext data within the internal environment and mask PII data for data privacy purposes.

Good Telemetry Beats Total Visualizations

Many visibility tools come with dashboards to visualize data, but they’re only as effective as the quality and completeness of the data provided. Gigamon focuses on obtaining the best telemetry rather than increasing the number of visualization tools, so that deep network-derived intelligence is incorporated into security practices. This offers comprehensive insights into TLS/SSL sessions and allows organizations to maintain high levels of security while optimizing network performance.

See eWeek’s guide to generative AI and cybersecurity to learn more about the role of artificial intelligence in enterprise risk assessments and cybersecurity efforts.


